9 Why Segmentation
The assumption of a trusted internal network is no longer a safe bet.
Enables compartmentalization and enhances resiliency during an attack.
2015 Check Point Software Technologies Ltd.

25 OMG!!! The point of sale device is infected!!!
Bot Event: Critical Severity, Prevented.
Do we have business in Italy?
Unusual hour.
How should I respond to this incident?

27 Advanced Threat Prevention Forensics
The host is infected, now what?
NEW
Questions:
How was the host infected?
What got compromised?
Which files/domains/processes were part of the attack?
Which other machines are also compromised?

32 SMARTEVENT STORY LINE
Jasmine receives an email with a link in it from the known sender.
Jasmine follows the link in the email and opens a malicious PDF.
Her computer is infected with a bot.
The bot connects to C&C.
Links inside email
URL reputation
Anti-Bot
ENDPOINT FORENSICS
The bot tries to send credit card numbers to its C&C.
The bot records credit card numbers at the point of sale.
The bot scans the internal network and infects the point of sale device via CIFS.
Anti-Bot

33 What did we learn?
CARD SWIPING DEVICES | POS TERMINALS | REST OF THE ORGANIZATION
Segmentation is important.

34 Back to malicious email

35 Let's check if the document is known to VirusTotal?!?!?
$#$^%$^ The file is clean according to VirusTotal.

43 What's up, man?
We have an infected host, and I'm waiting for my boss to approve enabling Threat Emulation. There are additional users that start getting the same email with the malicious link.
Meanwhile, block it with the custom Indicator or with an IPS SNORT rule.

53 Immediate subscription for intelligence feeds
NO changes needed to policy and infrastructure.
For all of your security gateways.

54 Why do people open malicious documents?
Because people do not know that these documents are malicious.
Why do they need to open these documents?
Because people work with documents.

55 What if, instead of looking for malware, you could eliminate all RISKS? IMMEDIATELY?
